Rooting exploit could turn Google Glass into secret surveillance tool

"Nothing is safe once your Glass has been hacked," hacker warns.

A smartphone hacker has provided conclusive proof that the futuristic computing headset known as Google Glass can be surreptitiously modified to give anyone with physical access almost complete control over the device. He called on Google engineers to improve the security of Glass—which is currently only available to developers—before it becomes available to the general public.

Google engineers have stressed that the head-mounted computing device—which can capture nearby conversations and images and transmit them over the Internet—was meant to be hacked. But until now, it has been easy for end users to know when their all-seeing, all-hearing headsets were modified. All that has changed now that security consultant Jay "saurik" Freeman has fashioned an alternative way to gain almost unfettered "root" control. Using an exploit discovered seven months ago to root smartphones running Google's Android operating system, it takes him less than five minutes to hack the new device. From there, he can install a customized operating system that silently monitors everything the device sees or hears.

Because it requires a device to be put into a special "debug mode," the exploit isn't considered much of a security threat for smartphone users. After all, debug mode can be invoked only after a user has unlocked the handset using a PIN code or other security mechanism. Glass, by contrast, has no form of screen lock, making it possible for someone with even brief access to a headset to make persistent changes.

"With the security exploit, I can pick up your Glass, turn on debug mode, and get root access on it in a way that doesn't leave a trace," Freeman told Ars in a telephone interview. "Then I can modify any of the software on your device. I can make it so that for the rest of your Glass' lifetime I'm in there, too, able to get access to your camera, listen in on your microphone. I can turn off debug mode and make it look like there's nothing changed from your perspective. And when you get it back, you're screwed."

Asked to comment on Freeman's claims, Google officials issued a statement that read: "We recognize the importance of building device-specific protections, and we're experimenting with solutions as we work to make Glass more broadly available. It's also important to understand that Glass doesn’t access many parts of a Google Account, including settings or many products. And your personal MyGlass site allows you to change the content that you see on Glass or, if you misplace it, wipe all the data off your device."

It's reassuring to know that Glass gives users the ability to control much of the content stored in their Google accounts. Still, the scenario painted by Freeman is unsettling. It suggests users who let the headsets out of their physical control for even a few minutes can't be sure the devices won't be turned into sophisticated spying devices that will relay intimate conversations and sensitive data to hackers.

"Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer," Freeman, who developed the Cydia app store for jailbroken iOS devices, wrote in a 6,000-word blog post published Tuesday. "They have control over a camera and a microphone that are attached to your head. A bugged Glass doesn't just watch your every move: it watches everything you are looking at (intentionally or furtively) and hears everything you do. The only thing it doesn't know are your thoughts."

He went on to describe how a hacked Glass headset could have broad consequences for users. Since Glass sees passwords and PIN codes being entered, the security of computers and smartphones is affected. Even physical security is impacted, since Glass can record building access codes and take pictures of keys that are detailed enough to allow copies to be made. "Nothing is safe once your Glass has been hacked," he warned.

The grim assessment was accompanied by a blow-by-blow account of how Freeman was able to gain root on one of the first Glass devices to become available. Within seconds of turning it on last week, he noticed a "debug mode" buried in the settings menu. The adb—short for Android Debugging tool—allowed him to use a USB-connected computer to issue commands to his Google Glass headset, in much the way the Command prompt or Terminal window permit users to send and monitor internal processes running on Microsoft Windows and Apple Mac machines.

With additional investigating, he stumbled upon the Android exploit and figured out how to use it to get root on his Glass headset. For a step-by-step tutorial, see the section subtitled "How can I use this exploit myself?"

While Glass provides visual cues that its microphone and video camera are activated, Freeman said it wouldn't be hard for a skilled hacker to create a custom version of the OS that suppressed those warnings. It could also be possible to introduce code that takes pictures every 30 seconds or activates recording when the device detects certain key words are spoken.

In Tuesday's treatise, Freeman called on Google to equip Glass with a screen lock of some sort and to provide a foolproof way for users to know when the headset is recording still pictures, video, or audio. He proposed a "little sliding plastic shield" that would make it clear to both user and nearby people when they're being monitored. It wouldn't be surprising to see Glass get the security overhaul the security consultant is recommending. Fortunately, the company still has time to take action before the device gets in the hands of the masses.

Promoted Comments

Considering that Google employees are currently wearing and testing Glass while at work, I'd think that Google would be VERY concerned that they could be targets of industrial espionage, now that details like this are coming out. Can you imagine how rich of a target some of the data that Google's top engineers, who are wearing Glass, have daily access to? Not to mention the ease of capturing credentials via this method?

Maybe that will help give them the impetus needed to increase the security of the device.

What's your support for saying there's an "I'm recording" light that's hardwired to the camera? Maybe people downvoted you for not documenting your claims?

There is no recording light on the Glass at all:

Quote:

The most disconcerting bit is that you can be recording video at anytime and there's really no way for anyone else to tell. Google made the unfortunate decision to not include something like a red LED on the front to indicate when Glass is recording, which would have been a limited (and easily defeated) step -- but it would have been something.

There are real potential risks with them having this exploit without it being a stretch of the imagination. About the only way these glasses wouldn't be a security risk at this stage of development is to simply not have them on your person whenever you are doing something sensitive or secret. I can easily see how they can be manipulated to malicious means.

Okay, so you're saying you need physical access to my glass. Which I'm giving a malicious person... why? Or leaving them around? No. Also, you'd have to notice that the battery life is suddenly awful. They don't record and listen 24/7 normally, and video is the main thing that kills the battery. I am not concerned. Find a way to do this all remotely and I will be.

It doesn't have to be someone you know is malicious. It could be anyone who has a grudge. Hell, it could be someone who liked you for a time, but then you had a falling out with.

There are enough "Romance Revenge" sites out there that suggest it would be no problem for one of them to root your Glass without you knowing.

Okay, so you're saying you need physical access to my glass. Which I'm giving a malicious person... why? Or leaving them around? No. Also, you'd have to notice that the battery life is suddenly awful. They don't record and listen 24/7 normally, and video is the main thing that kills the battery. I am not concerned. Find a way to do this all remotely and I will be.

Till now... Because of the usage pattern of the glasses they could become very attractive targets for blackmailing and espionage.

Not really surprising. Most computers can be programmed to do things they weren't designed to do. This strikes me as the equivalent of "hacking" someone's laptop to surreptitiously activate the webcam and send snaps/video to another person. I'd imagine that the security will have to be similar--be careful who you allow to access your laptop, Glass, etc. Just like on a laptop, if someone has physical access, even with a screen lock or password, there are always going to be methods of booting to recovery or safe mode and bypassing the basic security.

In the end, I think it will come down to using similar methods to protect yourself. Don't let people mess with your device and be aware of what you do when there is a camera in front of you. Same goes for laptops, tablets, and smartphones with cameras.

What I'm waiting for is a hack that'll allow issuance of a loud squeal and a flash of light to all nearby Glass devices. No, that'd be cruel. Never mind... Show'em all pictures of Mickey Mouse and play the Hokey Pokey.

Being a good tech-nerd means not accepting everything you are told by vendors. Especially when they're vending, and you are the putative vendee.

But this is not what happens. As far as I am concerned, Google Glass was and is, quite obviously, a dumb idea. Only Google is likely to disagree... very likely! The world didn't need Segways either, but no one told the inventor that because the inventor didn't tell anyone what he was inventing till he'd finished the inventing. Then he got laughed at, rather a lot. Google Glass is different - we've been able to see it coming for quite a while.

Certain individuals can easily demonstrate a "personal" need for Google Glass. Society, on the other hand, cannot. Society needs Google Glass to not exist because Google Glass allows individuals to subvert society.

I think all techie reporters should be forced to read both Animal Farm and Nineteen Eighty Four.

Google Glass will have a backdoor built into it somewhere so the Government can access what you are seeing. I do not trust these devices and I will be extremely angry if I see someone filming me. Do not try to point your devices at me and that is all I will say on the Subject.

Okay, so you're saying you need physical access to my glass. Which I'm giving a malicious person... why? Or leaving them around? No. Also, you'd have to notice that the battery life is suddenly awful. They don't record and listen 24/7 normally, and video is the main thing that kills the battery. I am not concerned. Find a way to do this all remotely and I will be.

So, as with webcams and laptop/tablet cameras, etc., I think you need to attach a physical cover to the Glass camera. Make it really obvious, and not made of a polarized material, instead something fully opaque. As a user, you just flip the cover down when you're not actively recording. As a possible observee, you can request they flip it down to ensure you're not being recorded. Maybe they'll even let you into the Glass-free bars that way.

Okay, so you're saying you need physical access to my glass. Which I'm giving a malicious person... why? Or leaving them around? No. Also, you'd have to notice that the battery life is suddenly awful. They don't record and listen 24/7 normally, and video is the main thing that kills the battery. I am not concerned. Find a way to do this all remotely and I will be.

Not to mention the "I'm recording" light would be a clue.

From the very article you're commenting on:

While Glass provides visual cues that its microphone and video camera are activated, Freeman said it wouldn't be hard for a skilled hacker to create a custom version of the OS that suppressed those warnings. It could also be possible to introduce code that takes pictures every 30 seconds or activates recording when the device detects certain key words are spoken.

That said, I'd be surprised that turning on debug mode doesn't show a notice at bootup.

No, this isn't the expected behavior at all. When Glass is rooted in the expected way, it's obvious it has been rooted. The exploit Freeman is using shows no sign whatsoever that it has been rooted. I'd invite you to withhold your opinion about debug mode showing a notice at bootup until you've had a chance to read Freeman's blog post.

Google put screenlocks on Android phones because it recognized the risk posed by handsets that are left unattended, even for a few minutes. Why wouldn't the same protection be available for Glass?

Fail to see how it's any different than a cell phone in this respect. Sure; the glass is in a better position to record video, but if the reviews I've read are any indication, it would likely run out of batteries long before anything useful gets recorded.

Not that there's not a threat here (because there certainly is) but the real threat is no different than that of a cell phone. It's just that most people fail to realize the number and sophistication of the sensors in their cell phone and how a malicious application could take control of them. If you wanted to wiretap someone these days, you'd get way more information with far less exposure by hacking their phone. If you're an informant doing a drug deal, wearing a wire could get you killed; but the worst case with a cell phone is they take the phone from you.

Besides, the Glass is basically a prototype for crowdsourcing purposes. It's intentionally not locked down because a) it's not a commercial product yet and b) it's more valuable to Google to see what use cases people can come up with before devising a security scheme that may block both potentially awesome and nefarious use cases. Almost nobody outside a bunch of tech reporters and developers has one or will have one for quite some time. By the time Glass makes it out into the real world, these problems will likely have been addressed.

That said, I'd be surprised that turning on debug mode doesn't show a notice at bootup.

No, this isn't the expected behavior at all. When Glass is rooted in the expected way, it's obvious it has been rooted. The exploit Freeman is using shows no sign whatsoever that it has been rooted. I'd invite you to withhold your opinion about debug mode showing a notice at bootup until you've had a chance to read Freeman's blog post.

Google put screenlocks on Android phones because it recognized the risk posed by handsets that are left unattended, even for a few minutes. Why wouldn't the same protection be available for Glass?

Clearly, it should lock when you take it off your head. Heat sensors around the ear, perhaps? You could unlock it by scanning your retina or something.

That said, I'd be surprised that turning on debug mode doesn't show a notice at bootup.

No, this isn't the expected behavior at all. When Glass is rooted in the expected way, it's obvious it has been rooted. The exploit Freeman is using shows no sign whatsoever that it has been rooted. I'd invite you to withhold your opinion about debug mode showing a notice at bootup until you've had a chance to read Freeman's blog post.

Google put screenlocks on Android phones because it recognized the risk posed by handsets that are left unattended, even for a few minutes. Why wouldn't the same protection be available for Glass?

There are what, 2000 Glass units in the wild right now? It's more likely that Google just hasn't spent a lot of time designing system security around what is effectively an early alpha developer prototype. It's obvious Glass has potential; but it's just as obvious that it's clearly not ready for prime time.

Okay, so you're saying you need physical access to my glass. Which I'm giving a malicious person... why? Or leaving them around? No. Also, you'd have to notice that the battery life is suddenly awful. They don't record and listen 24/7 normally, and video is the main thing that kills the battery. I am not concerned. Find a way to do this all remotely and I will be.

Not to mention the "I'm recording" light would be a clue.

From the very article you're commenting on:

While Glass provides visual cues that its microphone and video camera are activated, Freeman said it wouldn't be hard for a skilled hacker to create a custom version of the OS that suppressed those warnings. It could also be possible to introduce code that takes pictures every 30 seconds or activates recording when the device detects certain key words are spoken.

I've thought about this before. It seems like it should be possible to wire these devices so that the power to the camera/mic and indicator lights are connected serially.

That said, I'd be surprised that turning on debug mode doesn't show a notice at bootup.

No, this isn't the expected behavior at all. When Glass is rooted in the expected way, it's obvious it has been rooted. The exploit Freeman is using shows no sign whatsoever that it has been rooted. I'd invite you to withhold your opinion about debug mode showing a notice at bootup until you've had a chance to read Freeman's blog post.

Google put screenlocks on Android phones because it recognized the risk posed by handsets that are left unattended, even for a few minutes. Why wouldn't the same protection be available for Glass?

There are what, 2000 Glass units in the wild right now? It's more likely that Google just hasn't spent a lot of time designing system security around what is effectively an early alpha developer prototype. It's obvious Glass has potential; but it's just as obvious that it's clearly not ready for prime time.

so how long after it goes into full production will it still wear the standard-issue BETA tag? i'm guessing a few years. thanks, i'll pass.

Okay, so you're saying you need physical access to my glass. Which I'm giving a malicious person... why? Or leaving them around? No. Also, you'd have to notice that the battery life is suddenly awful. They don't record and listen 24/7 normally, and video is the main thing that kills the battery. I am not concerned. Find a way to do this all remotely and I will be.

Not to mention the "I'm recording" light would be a clue.

...because it's hardwired to the camera, and if the "malicious hacker" broke the circuit, you'd soon find out the light isn't on when you know you're recording. Perfectly good logic which got down-voted by the morons who are here for the FUD.